As businesses continue to adopt cloud computing and move their operations to the cloud, it’s crucial to ensure the security of their cloud environment. Amazon Web Services (AWS) is the leading cloud platform, but with the ease of use comes the responsibility of securing the data, applications, and services deployed on the cloud.

AWS provides a vast array of security services, but it can be challenging to keep track of all the activities and changes happening in your AWS account. That’s where the AWS Security Survival Kit (ASSK) comes in. This comprehensive, free and open-source kit sets up a basic proactive monitoring and alerting environment for common suspicious activities in your AWS account.

The kit uses CloudFormation templates to deploy EventBridge (CloudWatch Event) Rules and CloudWatch Metric Filters and Alarms on a selection of 🏴‍☠️ suspicious activities. It also comes with a CloudWatch Dashboard to give you more insights about what is ringing the alarm bells. With the ASSK, you can bring proactive security monitoring and alerting to your AWS account, complementing the GuardDuty service.

The following suspicious activities are currently supported by the AWS Security Survival Kit:

  1. Root User activities
  2. CloudTrail changes (StopLogging, DeleteTrail, UpdateTrail)
  3. AWS Personal Health Dashboard Events
  4. IAM Users Changes (Create, Delete, Update, CreateAccessKey, etc.)
  5. MFA Monitoring (CreateVirtualMFADevice, DeactivateMFADevice, DeleteVirtualMFADevice, etc.)
  6. Unauthorized Operations (Access Denied, UnauthorizedOperation)
  7. Failed AWS Console login authentication (ConsoleLoginFailures)
  8. EBS Snapshots Exfiltration (ModifySnapshotAttribute, SharedSnapshotCopyInitiated, SharedSnapshotVolumeCreated)
  9. AMI Exfiltration (ModifyImageAttribute)
  10. Who Am I Calls (GetCallerIdentity)
  11. IMDSv1 RunInstances (RunInstances && optional http tokens)
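
To show how such checks read against CloudTrail records, here is an added Python example (not code from the kit or from zoph.io) that applies five of the listed detections to constructed sample events and counts the alerts per activity. The alert names and the handling of a missing `metadataOptions` block are assumptions; the kit itself implements its detections as EventBridge rules and CloudWatch metric filters.

```python
# Added example: illustrative rules, not the kit's own EventBridge patterns.
from collections import Counter

CLOUDTRAIL_CHANGES = {"StopLogging", "DeleteTrail", "UpdateTrail"}

def classify(event):
    """Return the sorted alert names one CloudTrail record triggers."""
    alerts = set()
    name, source = event.get("eventName", ""), event.get("eventSource", "")
    identity = event.get("userIdentity") or {}
    error = event.get("errorCode") or ""
    login = (event.get("responseElements") or {}).get("ConsoleLogin")
    # Root activity, ignoring calls an AWS service makes on the account's behalf.
    if (identity.get("type") == "Root" and "invokedBy" not in identity
            and event.get("eventType") != "AwsServiceEvent"):
        alerts.add("root-activity")
    if source == "cloudtrail.amazonaws.com" and name in CLOUDTRAIL_CHANGES:
        alerts.add("cloudtrail-change")
    if error.startswith("AccessDenied") or error.endswith("UnauthorizedOperation"):
        alerts.add("unauthorized-operation")
    if name == "ConsoleLogin" and login == "Failure":
        alerts.add("console-login-failure")
    # IMDSv1: a successful RunInstances that does not require session tokens.
    # Assumption: a missing metadataOptions block is treated like "optional".
    if source == "ec2.amazonaws.com" and name == "RunInstances" and not error:
        options = (event.get("requestParameters") or {}).get("metadataOptions") or {}
        if options.get("httpTokens", "optional") != "required":
            alerts.add("imdsv1-runinstances")
    return sorted(alerts)

def count_alerts(events):
    """Count alerts per name, like a per-activity metric on a dashboard."""
    return dict(Counter(a for e in events for a in classify(e)))

# Constructed sample records (not real log data).
SAMPLE_EVENTS = [
    {"eventSource": "cloudtrail.amazonaws.com", "eventName": "StopLogging",
     "eventType": "AwsApiCall", "userIdentity": {"type": "Root"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "requestParameters": {"metadataOptions": {"httpTokens": "optional"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "requestParameters": {"metadataOptions": {"httpTokens": "required"}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "RunInstances",
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "responseElements": {"ConsoleLogin": "Failure"}},
]

if __name__ == "__main__":
    print(count_alerts(SAMPLE_EVENTS))
```

The denied `RunInstances` call raises only the unauthorized-operation alert, since no instance was launched.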

For the best experience, you can also set up AWS Chatbot to get notified directly on Slack.

[Figure: CW Metrics Graph Count]

In conclusion, the AWS Security Survival Kit is a must-have tool for businesses and individuals who are using AWS. With this kit, you can bring proactive security monitoring and alerting to your AWS account and ensure the security of your cloud environment. The kit was developed by my AWS consulting boutique, zoph.io.

Give it a try, it’s free! ❤️ AWS Security Survival Kit

That’s all folks!

zoph.